New Backdoor and DDoS Trojan Targeting Linux Computers

15-04-2016, 06:00

After encountering a Trojan last year, the Linux ecosystem has seen the detection of a new Trojan family, which researchers call Linux.BackDoor.Xudp. This new Trojan does not rely on automated scripts, brute-force attacks or vulnerabilities to infect users. Instead, the attackers acquire root privileges when users download applications or malicious packages from the internet. Linux.BackDoor.Xudp itself is installed through Linux.Downloader. Once an application carrying Linux.Downloader (version 77) has been given root privileges, an updated version of the Trojan (version 116) is downloaded, which includes the additional features needed to install Xudp. It downloads and installs Xudp in the "/lib/.socket1" or "/lib/.loves" folder, adds Xudp to the system's auto-run scripts, and clears the local iptables firewall if it is in use.

Experts have said that Xudp can be used as a backdoor to execute commands on the local machine or as a bot in synchronised DDoS attacks. At the time of writing, the antivirus maker had detected at least three different versions of Linux.BackDoor.Xudp.
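A defender-side check for the artefacts described above, as an added example that is not part of the original article or the researchers' tooling: it scans a filesystem root (a live system or a mounted disk image) for the two install directories, other hidden entries directly under /lib, and auto-run scripts that reference the install directories. The auto-run locations, the hidden-entry heuristic and the function name `xudp_scan` are assumptions; the article names only the two /lib paths.

```shell
#!/bin/sh
# Added example: look for Linux.BackDoor.Xudp artefacts under a filesystem root.

# Install directories named in the article.
XUDP_DIRS="/lib/.socket1 /lib/.loves"
# Assumption: common auto-run locations; the article does not list which scripts are modified.
AUTORUN_PATHS="/etc/rc.local /etc/rc.d/rc.local /etc/init.d /etc/crontab /etc/cron.d"

# xudp_scan [ROOT]
#   Prints one finding per line; returns 0 if clean, 1 if anything was found.
#   ROOT defaults to "/" and may point at a mounted image for offline triage.
xudp_scan() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=0

    # 1. The two install directories from the article.
    for d in $XUDP_DIRS; do
        if [ -e "$root$d" ]; then
            echo "install-path $d"
            found=1
        fi
    done

    # 2. Heuristic (assumption): any other hidden entry directly under /lib
    #    is unusual and worth a manual look.
    for p in "$root"/lib/.[!.]*; do
        [ -e "$p" ] || continue
        case "${p##*/}" in .socket1|.loves) continue ;; esac
        echo "hidden-in-lib ${p#"$root"}"
        found=1
    done

    # 3. Auto-run scripts that reference either install directory.
    #    (File names containing whitespace are not handled.)
    for a in $AUTORUN_PATHS; do
        [ -e "$root$a" ] || continue
        for f in $(grep -rlE '/lib/\.(socket1|loves)' "$root$a" 2>/dev/null); do
            echo "autorun-ref ${f#"$root"}"
            found=1
        done
    done

    return $found
}
```

Run it as root with `xudp_scan /` on a suspect host, or pass the mount point of a disk image. An unexpectedly empty iptables ruleset on a host that normally has rules is a separate signal to check by hand.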